Latest Openbsd Vulnerabilities

CVE-2021-35000
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD Kernel
CVE-2021-34999
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
OpenBSD Kernel
CVE-2023-51767
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
CVE-2023-51384
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constr...
Openbsd Openssh<9.6
Apple macOS Sonoma<14.4
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
ubuntu/openssh<1:9.3
ubuntu/openssh<1:9.6
and 2 more
CVE-2023-51385
, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling
Openbsd Openssh<9.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
ubuntu/openssh<1:7.6
ubuntu/openssh<1:8.2
and 6 more
CVE-2023-48795
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
pip/paramiko>=2.5.0<3.4.0
go/golang.org/x/crypto<0.17.0
rust/russh<0.40.2
Apple macOS Sonoma<14.4
Openbsd Openssh<9.6
Putty Putty<0.80
and 128 more
CVE-2023-38283
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed i...
Openbgpd Openbgpd<8.1
Openbsd Openbsd<7.3
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
and 2 more
CVE-2023-40216
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI te...
Openbsd Openbsd=7.3
Openbsd Openbsd=7.3-errata_001
Openbsd Openbsd=7.3-errata_002
Openbsd Openbsd=7.3-errata_003
Openbsd Openbsd=7.3-errata_004
Openbsd Openbsd=7.3-errata_005
and 8 more
CVE-2023-38408
Remote Code Execution in OpenSSH's forwarded ssh-agent
Openbsd Openssh<9.3
Openbsd Openssh=9.3
Openbsd Openssh=9.3-p1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
IBM QRadar SIEM<=7.5.0 - 7.5.0 UP6
and 10 more
CVE-2023-35784
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affect...
Openbsd Libressl<3.6.3
Openbsd Libressl>=3.7.0<3.7.3
Openbsd Openbsd=7.2
Openbsd Openbsd=7.3
CVE-2021-46880
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
Openbsd Libressl<3.4.2
Openbsd Openbsd<7.0
CVE-2022-48437
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verific...
Openbsd Libressl<3.6.1
Openbsd Openbsd<7.2
CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped I...
Opensmtpd Opensmtpd<7.0.0
Openbsd Openbsd=7.1
Openbsd Openbsd=7.2
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Openbsd Openssh>=8.9<9.3
Netapp Brocade Fabric Operating System
Netapp Hci Bootstrap Os
Netapp Solidfire Element Os
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
and 2 more
CVE-2023-27567
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
Openbsd Openbsd=7.2
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote at...
Openssh Openssh=9.1
Fedoraproject Fedora=37
Fedoraproject Fedora=38
NetApp ONTAP Select Deploy administration utility
Netapp A250 Firmware
Netapp A250
and 11 more
CVE-2022-27882
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
CVE-2022-27881
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge ca...
Openbsd Openbsd=6.9
Openbsd Openbsd=7.0
CVE-2021-36368
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified...
Openbsd Openssh<8.9
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3
CVE-2021-41617
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs f...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10<=1:8.4p1-5<=1:8.4p1-6
ubuntu/openssh<1:8.2
ubuntu/openssh<8.8
ubuntu/openssh<1:7.2
Openbsd Openssh>=6.2<8.8
Fedoraproject Fedora=33
and 21 more
CVE-2021-41581
x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' ...
Openbsd Libressl<=3.4.0
CVE-2016-20012
** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is corr...
Openbsd Openssh<=8.7
NetApp Clustered Data ONTAP
Netapp Hci Management Node
NetApp ONTAP Select Deploy administration utility
Netapp Solidfire
<=8.7
and 4 more
CVE-2019-25049
Openbsd Libressl>=2.9.1<=3.2.1
Linux Linux kernel
CVE-2019-25048
LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).
Openbsd Libressl>=2.9.1<=3.2.1
Linux Linux kernel
CVE-2010-4816
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
Openbsd Openbsd=4.6
Openbsd Openbsd=6.3
Openbsd Openbsd=4.9
Openbsd Openbsd=8.0
CVE-2020-26142
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packe...
Openbsd Openbsd=6.6
CVE-2021-28041
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an a...
Openbsd Openssh>=8.2<8.5
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
and 6 more
CVE-2020-16088
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
Openbsd Openbsd<=6.7
CVE-2020-15778
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh<8.3
Openbsd Openssh=8.3
Openbsd Openssh=8.3-p1
Netapp A700s Firmware
Netapp A700s
and 9 more
CVE-2020-14145
OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy flaw. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the ...
IBM Security Guardium Insights<=2.0.2
Openbsd Openssh>=5.7<8.4
Openbsd Openssh=8.4
Openbsd Openssh=8.5
Openbsd Openssh=8.6
Netapp Aff A700s Firmware
and 8 more
CVE-2020-12062
** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to o...
Openbsd Openssh=8.2
=8.2
CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
FreeBSD FreeBSD=8.2
Apple Mac OS X>=10.6.0<=10.7.2
Openbsd Openbsd=5.0
PHP PHP>=5.3.0<=5.3.10
CVE-2020-7247
OpenSMTPD Remote Code Execution Vulnerability
OpenBSD OpenSMTPD
=6.6
=9.0
=10.0
=32
=18.04
and 13 more
CVE-2012-5663
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
Openbsd Textproc\/isearch<1.47.01nb1
CVE-2019-19726
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chp...
Openbsd Openbsd<=6.6
CVE-2019-14899
Kernel. A routing issue was addressed with improved restrictions.
Apple macOS Catalina<10.15.6
Apple Mojave
Apple High Sierra
Apple tvOS<13.4.8
Apple iOS<13.6
Apple iPadOS<13.6
and 11 more
CVE-2012-1577
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
debian/dietlibc
Dietlibc Project Dietlibc
Openbsd Openbsd
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...
Openbsd Openbsd=6.6
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's f...
Openbsd Openbsd=6.6
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login...
Openbsd Openbsd=6.6
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd=6.6
CVE-2019-16905
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This l...
Openbsd Openssh>=7.7<=7.9
Openbsd Openssh>=8.0<8.1
Netapp Cloud Backup
Netapp Steelstore Cloud Integrated Storage
Siemens Scalance X204rna Firmware<3.2.7
Siemens Scalance X204rna
and 2 more
CVE-2019-8460
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of s...
Openbsd Openbsd<=6.5
CVE-2019-6724
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malici...
Barracuda VPN Client<5.0.2.7
Apple Mac OS X
Linux Linux kernel
Openbsd Openbsd
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI co...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u2<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u1<=1:9.2p1-2+deb12u2<=1:9.6p1-2
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Element Software
Netapp Ontap Select Deploy
Netapp Storage Automation Store
and 4 more
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only perfo...
ubuntu/openssh<1:7.6
ubuntu/openssh<1:7.7
ubuntu/openssh<1:6.6
ubuntu/openssh<1:7.2
Openbsd Openssh<=7.9
Winscp Winscp<=5.1.3
and 76 more
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the targ...
debian/openssh<=1:7.4p1-10<=1:7.9p1-4<=1:7.4p1-10+deb9u4
debian/openssh
Openbsd Openssh<=7.9
Winscp Winscp<=5.13
Netapp Cloud Backup
Netapp Element Software
and 88 more
CVE-2015-5334
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Apple macOS Mojave<10.14
Openbsd Libressl<2.3.1
Oracle Java Runtime Environment (JRE)=13.2
CVE-2015-5333
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Apple macOS Mojave<10.14
Openbsd Libressl<2.3.1
Oracle Java Runtime Environment (JRE)=13.2
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states '...
Openbsd Openssh>=5.9<=7.8
Netapp Cloud Backup
Netapp Data Ontap Edge
Netapp Ontap Select Deploy
Netapp Steelstore
Netapp Cn1610 Firmware
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203